Actions
Feature #2436
closed[mod_auth] Implement the ssl backend/method
ASK QUESTIONS IN Forums:
Description
Hello,
please let me quote the commit message, which should say it all:
[mod_auth] Implement the ssl backend/method. When SSL client certificate verification if activated (even if not enforced), one can specify a given field of the certificate to be used as the username, making it possible to set access restrictions based on that username. Connecting without a certificate means a denied access to restricted paths (no username). Configuration example: ssl.verifyclient.activate = "enable" ssl.verifyclient.enforce = "disable" # more ssl-related settings auth.backend = "ssl" auth.backend.ssl.field = "SSL_CLIENT_S_DN_CN" auth.require = ( "/any-ssl-user" => ( "require" => "valid-user", "method" => "ssl" ), "/only-specific-ssl-users" => ( "require" => "user=james|user=alec", "method" => "ssl" ) ) Signed-off-by: Cyril Brulebois <kibi@debian.org>
I've tested this successfully on 1.4.28; I've also tried to make sure misconfigurations are detected properly.
The patch applied cleanly on 1.4.32, except for the documentation file that moved under doc/outdated/.
Mraw,
KiBi.
Files
Updated by stbuehler over 11 years ago
- Target version changed from 1.4.x to 1.4.33
Updated by stbuehler over 11 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset r2894.
Actions
Also available in: Atom